Encryption and Decryption with RSA

Pico HSM supports in place decryption of arbitrary data and encryption with any app. It supports the following algorithms:

Encrypt and decrypt is a fundamental operation in cryptography. Usually, the data is encrypted with the public key and is decrypted with the private key. Therefore, anyone can encrypt data and send it securely to the recipient, which is the only allowed to decrypt it, as it is the only in possession of the private key used for decryption.

RSA is the traditional way to encrypt and decrypt data and it has three variants. The PKCS is the raw version, which takes the data and performs the RSA encryption. The raw data is recovered by performing the inverse step. The RSA-X-509 is a prepended version of the raw variant, with an ASN.1 structure that contains all relevant parameters. Finally, RSA-PKCS-OAEP is the most recent variant for RSA encryption and it is considered the most secure and robust.

On the contrary, elliptic curves do not accept to encrypt/decrypt data. Instead, if an encryption method with an elliptic curve is needed, an intermediate step is performed to derive a symmetric key. Whilst RSA is a pure asymmetric cryptographic operation, this derivation step from an elliptic curve is a symmetric step that uses a secret key for both transmitter and receiver, named ECDH derivation. Based on a foreign public key (an elliptic point) and a private key (an elliptic number), it is possible to derive a secret key, shared by the two peers that will be used to encrypt and decrypt the data.

$ echo "This is a test string. Be safe, be secure." > data

$ pkcs11-tool --read-object --pin 648219 --id 2 --type pubkey > 2.der
$ openssl ec -inform DER -outform PEM -in 2.der -pubin > 2.pub

$ alias sc-tool=pkcs11-tool --module /path/to/libsc-hsm-pkcs11.so

RSA-PKCS

This algorithm uses the PKCSv1.5 padding. It is considered deprecated and insecure. First, we encrypt the data with the public key:

$ openssl rsautl -encrypt -inkey 1.pub -in data -pubin -out data.crypt

Then, we decrypt with the private key inside the Pico HSM:

$ pkcs11-tool --id 1 --pin 648219 --decrypt --mechanism RSA-PKCS -i data.crypt
Using slot 0 with a present token (0x0)
Using decrypt algorithm RSA-PKCS
This is a test string. Be safe, be secure.

RSA-X-509

In this algorithm, the data must be padded with a length equal to the size of private key (128, 256, 512 bytes for RSA-1024, RSA-2048 and RSA-4096, respectively).

First, we pad the data. The original data file occupies 29 bytes. Thus, for a 2048 bits key, a padding of 227 bytes is needed:

$ cp data data_pad
$ dd if=/dev/zero bs=1 count=227 >> data_pad

We encrypt the data with the public key:

$ openssl rsautl -encrypt -inkey 1.pub -in data_pad -pubin -out data.crypt -raw

Then, we decrypt with the private key inside the Pico HSM:

$ cat data.crypt|pkcs11-tool --id 1 --pin 648219 --decrypt --mechanism RSA-X-509
Using slot 0 with a present token (0x0)
Using decrypt algorithm RSA-X-509
This is a test string. Be safe, be secure.

$ openssl pkeyutl -encrypt -inkey 1.pub -pubin -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 -in data -out data.crypt

$ pkcs11-tool --id 1 --pin 648219 --decrypt --mechanism RSA-PKCS-OAEP -i data.crypt
Using slot 0 with a present token (0x0)
Using decrypt algorithm RSA-PKCS-OAEP
OAEP parameters: hashAlg=SHA256, mgf=MGF1-SHA256, source_type=0, source_ptr=0x0, source_len=0
This is a test string. Be safe, be secure.